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DETAILED ACTION 

1. Claims 34, 36-49, 51-64 and 66-78 are presented for examination; claims 1-33 are non- 
elected and/or withdrawn. 

Election/Restrictions 

2. Claims 1-33 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as 
being drawn to a nonelected invention, there being no allowable generic or linking claim. 
Election was made without traverse in the reply filed on 09/28/2007. 

Response to Amendment/amendment 

3. The amendments to claims 34, 49 and 64 in view of claim objections last office action 
page 2 is accepted and objections are herein withdrawn. 

4. Regarding argument the reference(s) failure to disclose wherein the host fingerprint F is 
computed at least in part from host information C and/or the host information C that is computer 
processor serial and/or model number and/or hard drive serial/model number and/or MAC 
address, remark page 19, argument is not persuasive because these information are not claimed 
and "detected internal data NNNNN" of Iijima is terminal device/host information. 

5. Regarding arguments on page 20, argument is moot in view of new grounds of rejection 
below. 

Claim Rejections - 35 USC § 1 Ol 

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 



Application/Control Number: 1 0/701 ,029 Page 3 

Art Unit: 2136 

7. Claim 49, and 5 1-63 are rejected under 35 U.S.C. 101 because it is directed to non- 
statutory subject matter as failing to fall within a statutory category and as being directed to 
software per se (although the preamble of claim 1 recites a "An apparatus" it does not inherently 
mean that the claim is directed to a machine). The specification also describes, on page 8 lines 
13-page 9 lines 20 the means for retrieving, generating and transmitting as software. Therefore, 
claims 49, and 51-63 are software per se. See MPEP 2106. 

Claim Rejections - 35 USC §103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

9. Claims 34-35, 38-44, 49-50, 53-59, 64-65, and 68-74 rejected under 35 U.S.C. 103(a) 
as being unpatentable over Iijima USPN 5225664 in view of Ho et al. US PG Pubs 
20030143989 Al. 

Regarding claims 34, 49 and 64, Iijima discloses a method/apparatus of authenticating a 
hardware token (IC card 1) for operation with a host {terminal device 8), comprising the steps of: 

retrieving a value X (col. 4 lines 42-64; C2X) from a memory accessible to an 
authenticating entity, the value X generated from a computer fingerprint F {internal data 
NNNNN) of the host (col. 4 lines 42-50 and col. 3 lines 64-67) and an identifier P securing access 
to the token, wherein the host fingerprint F is computed at least in part from host information C 
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(col. 4 lines 42-49 and col. 4 lines 21-26; internal data NNNNN,... random number ...card 
number/SN); 

generating the identifier P at least in part from the value X and the fingerprint F (col. 4 
lines 55-63 and lines 42-49; C2 is generated by encrypting random data B using key data 
NNNNN); and 

transmitting the generated identifier P to the token to authenticate the token for operation 
with the host (col. 4 lines 64-col. 5 lines 23; C2 is transmitted to IC card for authentication). 

Iijima fails to disclose regenerating the same identifier value P at least in part from the 
value X and the fingerprint F and transmitting the regenerated identifier P. 

However Ho et al. discloses generating a new same identifier based on received 
information and comparing the new identifier with received identifier and communicating based 
on comparing result (see par. 26, claim 27 and fig. 3 element 320, 370, 380, and 395). 

Therefore it would have been obvious to one having ordinary skill in the art at the time of 
the invention was made to modify the teachings of Ho et al. within the system of Iijima because 
they are analogous in authentication. One would have been motivated to modify the teachings to 
provide proper access based on authentication. 

Regarding claims 38, 53 and 68, Iijima discloses the method/apparatus, wherein the value X is 
computed in the token (col. 4 lines 42-49). 

Regarding claims 39, 54 and 69, Iijima discloses the method/apparatus, wherein the value X is 
computed according to X=f(P,F), wherein f(P,F) is a reversible function such that f(f(P,F),F)=P 
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(col. 3 lines 56-col. 4 lines 64). 
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Regarding claims 40, 55 and 70, Iijima discloses the method/apparatus, wherein f(P,F) comprises 
P XOR F (col. 3 lines 56-col. 4 lines 64). 

Regarding claims 41, 56 and 71, Iijima discloses the method/apparatus, wherein the value X is 
further computed at least in part from a user identifier U (col. 2 lines 43-62). 

Regarding claims 42, 57 and 72, Iijima discloses the method/apparatus, wherein the value X is 
computed according to X=f(P,U,F), wherein f(P,U,F) is a reversible function such that 
f(f(P,U,F),U,F)=P (col. 3 lines 56-col. 4 lines 64). 

Regarding claims 43, 58 and 73, Iijima discloses the method/apparatus, wherein f(P,U,F) 
is P XOR U XOR F (col. 3 lines 56-col. 4 lines 64). 

Regarding claims 44, 59 and 74, Iijima discloses the method/apparatus, wherein: the authorizing 
entity is a host computer communicatively coupleable to the token; and the value X is stored in 
the host computer (fig. 1 elements 1 and 8). 

10. Claims 45-48, 60-63, and 75-78 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Iijima USPN 5225664 and Ho et al. US PG Pubs 20030143989 Al and 
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further in view of Miura USPN 6952775 Bl. 

Regarding claims 45, 60 and 75, Iijima fails to disclose hashing. However Miura discloses the 
method/apparatus of IC card 103 authentication (see fig. 1) and the authentication comprising 
hashing multiple entity's personal information (see fig. 6-7), storing the computed hash value 
(col. 2 lines 64-col. 3 lines 7). Therefore it would have been obvious to one having ordinary skill 
in the art at the time of the invention was made to modify the teachings of Miura within the 
combination system to compute a hash value of value x because computing a hash value of 
authenticating data is well known at the time of the invention for authentication. 

Regarding claims 46, 61 and 76, Miura discloses the method/apparatus of IC card 103 
authentication (see fig. 1) and the authentication comprising hashing multiple entity's personal 
information (see fig. 6-7), storing the computed hash value (col. 2 lines 64-col. 3 lines 7). 
Therefore it would have been obvious to one having ordinary skill in the art at the time of the 
invention was made to modify the teachings of Miura within the combination system to compute 
a hash value of in part from the fingerprint F; and retrieving the value X associated with the 
reference value H because computing a hash value of authenticating data is well known at the 
time of the invention for authentication. 

Regarding claims 47, 62 and 77, Miura discloses the method/apparatus of IC card 103 
authentication (see fig. 1) and the authentication comprising hashing multiple entity's personal 
information (see fig. 6-7), storing the computed hash value (col. 2 lines 64-col. 3 lines 7). 
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Therefore it would have been obvious to one having ordinary skill in the art at the time of the 
invention was made to modify the teachings of Miura within the combination system to compute 
a hash value of in part from the fingerprint F; and retrieving the value X associated with the 
reference value H because computing a hash value of authenticating data is well known at the 
time of the invention for authentication. 

Regarding claims 48, 63 and 78, Miura discloses the method/apparatus of IC card 103 
authentication (see fig. 1) and the authentication comprising hashing multiple entity's personal 
information (see fig. 6-7), storing the computed hash value (col. 2 lines 64-col. 3 lines 7). 
Therefore it would have been obvious to one having ordinary skill in the art at the time of the 
invention was made to modify the teachings of Miura within the combination system to compute 
a hash value of in part from the fingerprint F; and retrieving the value X associated with the 
reference value H because computing a hash value of authenticating data is well known at the 
time of the invention for authentication. 

11. Claims 36-37, 51-52, and 66-67 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Iijima USPN 5225664 and Ho et al. US PG Pubs 20030143989 Al and 
further in view of Ayyagari et al. 2003/0208677. 

Regarding claims 36, 51 and 66, Iijima teaches wherein the host fingerprint F is 
computed at least in part from host information C (see col. 3 lines 56-col. 4 lines 64) but fails to 
disclose wherein the host fingerprint F is computed at least in part from a server specific value V. 
However Ayyagari et al. discloses identifier information comprising a concatenated hardware 
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address of the access server and a hardware address of a client. There fore it would have been 
obvious to one having ordinary skill in the art at the time of the invention was made to modify 
the teachings of Ayyagari et al. with in the combination system because they are analogous in 
authentication. One would have been motivated to incorporate the teachings to include the 
remote server within the authentication. 

Regarding claims 37, 52 and 67, Iijima teaches wherein the host fingerprint F is computed at 
least in part from host information C and a fixed string Z (see col. 3 lines 56-col. 4 lines 64) but 
fails to disclose wherein the host fingerprint F is computed at least in part from a server specific 
value V and a fixed string Z. However Ayyagari et al. discloses identifier information 
comprising a concatenated hardware address of the access server and a hardware address of a 
client. There fore it would have been obvious to one having ordinary skill in the art at the time of 
the invention was made to modify the teachings of Ayyagari et al. with in the combination 
system because they are analogous in authentication. One would have been motivated to 
incorporate the teachings to include the remote server within the authentication. 

Conclusion 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272-3867. 
The examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser R. Moazzami can be reached on (571) 272-4195. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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